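## Reverse-proxy front end for the Nexus instance listening on 127.0.0.1:8081.
## Three virtual servers are defined:
##   1. nexus.krd.sh over plain HTTP  - redirects to HTTPS, except APT paths
##      and (source-restricted) proxy repositories;
##   2. nexus.krd.sh over HTTPS       - the main site;
##   3. nexus-st-[0-9a-f].krd.sh      - cached static assets only.
## The contents of every snip.d/* include are not visible in this file;
## comments about them below are assumptions to be confirmed.
upstream krdsh_nexus {
    server 127.0.0.1:8081;
}

## Disk cache used by the static-asset hosts (third server block).
## inactive=1h: an entry that is not requested for one hour is evicted even
## if proxy_cache_valid would still consider it fresh.
proxy_cache_path /var/cache/angie/proxy/krdsh-nexus
    keys_zone=krdsh_cache_nexus:10m
    levels=1:2
    inactive=1h;

## ---------------------------------------------------------------------------
## nexus.krd.sh, plain HTTP
## ---------------------------------------------------------------------------
server {
    server_name nexus.krd.sh;

    include snip.d/listen-http;

    ## NOTE(review): with access logging off there is no record of requests
    ## rejected by the allow/deny rules below; consider logging at least the
    ## restricted locations.
    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/https-alt-svc;
    include snip.d/http-base-security-headers;

    ## Rewrite upstream redirects that carry a port back to the bare host.
    proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ http://$host/$1;

    keepalive_timeout 0;

    include snip.d/empty-favicon;

    location / {
        ## $request_uri is the raw request target as sent by the client.
        ## The normalised $uri is percent-decoded, so using it in a redirect
        ## could place decoded CR/LF bytes into the Location header
        ## (response splitting).
        return 301 https://$host$request_uri;
    }

    ## allow APT work as usual
    ## Served over plain HTTP on purpose; integrity then rests on APT's own
    ## signature verification of the repository metadata.
    location ~*^/repository/apt_[^/]+/(?:dists|pool)/ {
        proxy_pass http://krdsh_nexus;
        proxy_method GET;

        include snip.d/disable-comp;
    }

    ## allow proxy repositories only for non-public usage
    ## NOTE(review): 192.0.2.0/24 (documentation range) and 240.0.0.0/4
    ## (reserved) look like placeholders - confirm the ranges actually
    ## deployed. The same list is repeated in the HTTPS server below; keep the
    ## two copies in sync.
    location ~*^/repository/proxy_[^/]+/ {
        allow 127.0.0.0/8;
        allow 192.0.2.0/24;
        allow 240.0.0.0/4;
        deny all;

        proxy_pass http://krdsh_nexus;
        proxy_method GET;
    }
}

## ---------------------------------------------------------------------------
## nexus.krd.sh, HTTPS (main site)
## ---------------------------------------------------------------------------
server {
    server_name nexus.krd.sh;

    include snip.d/listen-https;
    include snip.d/ssl-krd.sh;

    ## NOTE(review): no access log here either, so uploads and denied
    ## requests leave no trace at the proxy.
    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/http-base-security-headers;

    include snip.d/proxy-common-headers;
    include snip.d/proxy-accept-encoding;
    include snip.d/proxy-connection-keepalive;
    ## NOTE(review): presumably enables/forwards TLS early data (0-RTT).
    ## Early data can be replayed, and location / accepts uploads; confirm
    ## that non-idempotent requests are not processed from early data.
    include snip.d/proxy-early-data;

    ## Upstream answers with http:// URLs; present them to clients as https://.
    proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;

    location / {
        proxy_pass http://krdsh_nexus;

        ## quirks
        ## Large limit so that artifact uploads are not rejected by the proxy.
        client_max_body_size 10G;
    }

    ## allow proxy repositories only for non-public usage
    ## This restricts only URLs under /repository/proxy_*/. Everything else
    ## goes through "location /" unrestricted, so access to the same content
    ## through other Nexus endpoints depends on Nexus's own permission
    ## settings - verify those as well.
    ## NOTE(review): the address ranges look like placeholders - confirm.
    location ~*^/repository/proxy_[^/]+/ {
        allow 127.0.0.0/8;
        allow 192.0.2.0/24;
        allow 240.0.0.0/4;
        deny all;

        proxy_pass http://krdsh_nexus;
    }

    ## /static/ is answered by the njs handler "statics" from njs/nexus.js
    ## (handler source not visible here).
    js_import njs/nexus.js;
    location /static/ {
        js_content nexus.statics;
    }
}

## ---------------------------------------------------------------------------
## nexus-st-[0-9a-f].krd.sh, HTTPS: cached static assets
## ---------------------------------------------------------------------------
server {
    ## PITA
    server_name
        nexus-st-0.krd.sh
        nexus-st-1.krd.sh
        nexus-st-2.krd.sh
        nexus-st-3.krd.sh
        nexus-st-4.krd.sh
        nexus-st-5.krd.sh
        nexus-st-6.krd.sh
        nexus-st-7.krd.sh
        nexus-st-8.krd.sh
        nexus-st-9.krd.sh
        nexus-st-a.krd.sh
        nexus-st-b.krd.sh
        nexus-st-c.krd.sh
        nexus-st-d.krd.sh
        nexus-st-e.krd.sh
        nexus-st-f.krd.sh
    ;

    include snip.d/listen-https;
    include snip.d/ssl-krd.sh;

    access_log off;
    # log_not_found off;

    root /var/www/empty;

    include snip.d/http-base-security-headers;
    ## Only the main site may read these assets cross-origin.
    add_header Access-Control-Allow-Origin "https://nexus.krd.sh" always;

    include snip.d/proxy-common-headers;
    include snip.d/proxy-accept-encoding;
    include snip.d/proxy-connection-close;
    include snip.d/proxy-early-data;

    ## Ignore the upstream's caching headers when deciding what to cache and
    ## hide them from clients; "expires" in @precache sets the client-facing
    ## values instead.
    proxy_ignore_headers Cache-Control Expires;
    proxy_hide_header Cache-Control;
    proxy_hide_header Expires;

    proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1;

    ## Anything that is not a static asset belongs on the main host.
    location / {
        return 301 https://nexus.krd.sh;
    }

    ## try_files with a path that never exists: every request falls through
    ## to the named location.
    location /static/ {
        try_files /.non-existent-uri @precache;
    }

    location @precache {
        proxy_pass http://krdsh_nexus;

        proxy_cache krdsh_cache_nexus;
        ## Key is the path only: all sixteen host names share one entry per
        ## path, and the query string is not part of the key.
        ## NOTE(review): the first response fetched for a path is served to
        ## every client until it expires. Confirm that /static/ responses do
        ## not vary by query string, cookies or other request headers, and
        ## that snip.d/proxy-common-headers does not forward client
        ## credentials here.
        proxy_cache_key $uri;

        expires 2h;
        proxy_cache_valid 200 4h;
        ## With no status code listed this applies to 200, 301 and 302; 200 is
        ## already matched by the line above.
        proxy_cache_valid 10s;

        ## Keep fetching after the client disconnects so that the cache entry
        ## is still completed.
        proxy_ignore_client_abort on;

        ## quirks
        proxy_method GET;
        proxy_temp_file_write_size 4m;
    }
}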